Fraudulent vs. underqualified
A fraudulent candidate is not the same as an exaggerating candidate. Exaggeration is inflating a real role; fraud is impersonating someone else, fabricating a role that never existed, or concealing who will actually do the work if hired. The first is a judgment call and a reference check. The second is an integrity problem, and it needs to be caught before it gets close to an offer.
This guide focuses on the second category. For the full taxonomy of fraud types — identity fraud, ghost applicants, proxy interviewees, state-sponsored placements — see our full detection playbook.
Catching fraud at intake
Intake is the cheapest stage to catch fraud. A candidate who fails identity verification at intake never makes it onto a calendar.
Require verifiable contact info
Collect name, phone, and email on every application. Reject applications submitted without one of these fields — the small friction cost is worth it.
Run the three fastest checks
- Email domain: flag any suspicious or high-risk email domain automatically. Maintain a list of 100+ common ones, or use a tool that does.
- Contact-information sanity: confirm the phone and email actually work, that they aren't recycled from previously-flagged applications, and that they're consistent with a real person rather than freshly provisioned for a single application.
- Cross-source identity match: does the name/email pair resolve to the same person across at least two sources (Google, LinkedIn, a professional directory)?
Any one of these raises a yellow flag. Two raise a red flag. The combined false-positive rate, run properly, sits well under 5%.
Catching fraud on the recruiter screen
If a candidate makes it to the recruiter screen, assume the automated checks cleared them but that fraud is still possible. The screen is your first human signal.
Confirm the details you already have
Ask the candidate to confirm, verbally, the phone number and email on file. A fraudster using a scripted persona often hesitates here — not because they don't know it, but because the recruiter is reading from a different source than their script.
Ask a specific question about their most recent role
Not "what did you do" — they have that scripted. Ask "what was the biggest frustration of your last quarter?" or "what's one thing you'd change about how your team deployed?" Fraudsters who bought a résumé don't have this answer. The silence, or a generic response, is information.
Watch for pacing mismatches
Fluent English described in the résumé but halting cadence on the call, or vice versa, is often a proxy interviewee. So is an unusually long latency on every response — someone is listening and relaying.
Catching fraud during technical interviews
Technical interviews are where proxy interviewees most commonly slip through, because the interviewer is focused on the technical answer rather than on who is giving it. Three tactics:
Require video, with the camera showing at least shoulders-up
Audio-only interviews are a gift to fraudsters. So are full-face zoom crops — the candidate should be framed naturally, as they would be in person.
Ask the candidate to share their screen and code
This one's obvious but underused. Ask the candidate to solve a small problem in a shared IDE. Proxy interviewees usually have to toggle between writing code and listening to someone else; that latency becomes visible when they're screen-sharing in real time.
Ask meta-questions about their own code
After they solve a problem, ask them to explain the tradeoff they chose. A real candidate can usually explain their own work; a proxy who was fed the solution often can't reconstruct the reasoning.
Catching fraud in references
References are trivial to forge — and many recruiters treat reference calls as a formality, which makes them a great place for fraud to hide. Two changes raise the bar:
Don't take candidate-supplied phone numbers on faith
Run the reference's phone number through the same verification stack you used on the candidate. If the reference's "manager at Google" fails the same cross-source identity check your candidate passed or failed, you're probably talking to the same operator.
Call the company mainline, not the reference's direct line
Ask to be transferred to the reference by name through the company switchboard. Fraud references usually can't handle this — either the number is a mobile that doesn't connect to a company directory, or the named reference isn't actually there.
Catching fraud at offer and onboarding
Two final choke points catch the fraud that made it all the way through interviews:
Mandatory ID verification before offer letter
Drive this with a short video call or an identity-verification service. The candidate should hold up their government ID next to their face, on camera. Proxy interviewees drop off at this step; real candidates comply in thirty seconds.
Shipping address sanity check
When hardware or secure documents ship, verify the shipping address resolves to a real residence (not a virtual mailbox, not a coworking space — unless the candidate explicitly uses one). Fraudsters, especially state-sponsored placements, route hardware through laptop-farm addresses that look legitimate on a map but resolve to a single suburban house with dozens of devices.
Tooling that helps
Running every check above manually is possible but tedious. A toolbar tool like Verif_Hire compresses the intake-stage checks (email domain, contact information, cross-source identity) into a single click from your ATS. For larger teams, see our comparison of fake candidate detection tools — it covers the trade-offs between browser extensions, standalone services, and ATS-integrated options.
FAQ
How often should a real candidate trip these checks?
With a well-tuned signal stack, the false-positive rate on the intake-stage checks is roughly 2–4%. Most false positives are legitimate candidates using privacy-forward email services or thin public footprints; a quick clarifying email resolves the flag.
What if a candidate refuses identity verification?
Refusal is itself a signal. Real candidates understand that verification is a normal step. If they object, document the reason, offer a reasonable alternative (signed attestation, video call with ID hold-up), and if they still decline, decline the application.
Is this overkill for entry-level roles?
Not in 2026 — entry-level remote roles are in fact the highest-volume target for fraud, because the oversight per hire is lower. Light-weight intake verification costs seconds per applicant and catches the majority of low-effort fraud.